WP Doctor


Scan directories testing files against text or regexp rules, the rules based on self gathered samples and publicly vailable malwares/webshells.

WP Doctor is based on security guidelines wordpress. For more information visit WP DOCTOR PLUGIN PAGE and our website.

Malware scanner/cleaner:

Malware removal plugin. Periodically scan the files and send an email with the list of infected files. Specify files that are not infected despite having been detected.

  • Scan the server for infected with malicious code or malware.
  • Clean infected files.
  • Scanning is automatically activated every x hours (the hours are configurable).
  • Send an email indicating the infected files.
  • Provides the ability to specify files that are not infected despite having been detected.
  • The Hours, email and infected files are configurable by the user in a very easy way.
  • This plugin will be continually updated with new viruses and new features.

Detects and removes malware such as:

  • eval (base64_decode …
  • eval (gzinflate …
  • eval (base64 …
  • eval (gzinflate (base64_decode …

Search domain blacklist

Check if the domain is in this blacklist:

  • dnsbl-1.uceprotect.net
  • surbl.org
  • uribl.com

Htaccess analysis

A good .htaccess can protect your wordpress. WP Doctor make an analysis of the .htaccess file and suggests safety modifications.

  • Securing wp-includes.
  • Securing wp-admin.

File permissions analysis

Allowing write access to your files is potentially dangerous. WP Doctor analyzes the files and folders permissions.

  • Check the files to have permission 644.
  • Check the folders to have permission 755.
  • Function to automatically switch to the correct permissions (depending on the server configuration).

IP blocks

Ip’s Manager(add and delete) to which they are not allowed access to the web.

Using the plugin:

  • Install and activate the plugin.
  • Plugin administration is in Settings -> WP Doctor.
  • Since the administration you can set the hours and the email.
  • The Auto Scan runs when they pass the hours indicated in the configuration.
  • You can scan whenever you want from the administration of the plugin.
  • The delete function malware is executed from the administration.
  • Before making a removal of malware is recommended to back up files to be treated.
  • Changing permissions of files and folders depends on the server configuration.


  • WPDoctor Admin.
  • Clean and changing permissions operations.
  • Automatic scan settings.


This section describes how to install the plugin and get it working.

  1. Install the plugin via the plugins menu in your administrator.
  2. Activate it and you’ll see a new menu option in “Settings” the “wp doctor”.
  3. Configure hours and email.

Preguntas frecuentes

  • What can I customize on wp doctor?
  • Scan period
  • Correo electronico
  • Ficheros


Plugin doesn’t work

Plugin doesn’t work

Gateway Timeout

The gateway did not receive a timely response from the upstream server or application.

False alarms

It says my site is on this blacklist: black.uribl.com. However, this domain doesn’t even exist and when I check URIBL on the correct url https://admin.uribl.com/?section=lookup; my domain is not blacklisted at all.

Also the plugin shows multiple suspiious files from which I know they are clean.

To be honest, I don’t trust this plugin, and it doesn’t work properly anyway.

Nice simple plugin. Catches the important stuff

It’s free. Scans well. Catches important issues and can be scheduled at will.

English translation could use work: the language isn’t totally clear, though growing up with Spanish-speaking relatives, I was able to understand it 😉

I look forward to seeing how far it can go, and how well it will evolve.

Leer todas las 5 reseñas

Colaboradores y desarrolladores

“WP Doctor” es un software de código abierto. Las siguientes personas han colaborado con este plugin.

Traduce “WP Doctor” a tu idioma.

¿Interesado en el desarrollo?

Revisa el código , echa un vistazo al repositorio SVN , o suscríbete al log de desarrollo por RSS .

Registro de cambios


  • Detect webshells.


  • Add dnsbl-1.uceprotect.net scan blacklist.


  • New design.


  • Check if the domain is in blacklist.


  • Blocks access to the ips you indicate.


  • htaccess and permissions analysis.


  • Clean function and more security.


  • first release